Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 21 Nov 2012 12:01:10 -0500
From: Matt Weir <>
Subject: Re: How does incremental mode works?

> Do you have any reference or example of these policy filter or equivalent
> solutions being used to generate such kind of specific candidate passwords
> for jTr running with incremental mode?

So in the official EXAMPLES readme for JTR, (found in the doc
directory of your install or online at, give an example on
how to apply policy rules to incremental mode.

-Begin Quote--
You can use some pre-defined or custom word filters when generating
the charset file to have John consider some simpler passwords only:
	john --make-charset=my_alpha.chr --external=filter_alpha mypasswd
-End Quote---

Now that is for trying only simple passwords, but you could use an
external mode to only build charsets based on more complicated
passwords as well, (aka must be at least 8 chars, contain an uppercase
character + digit). I want to stress that many of the guesses
generated by incremental mode using your charset won't meet the
password creation requirement. For that you would need to specify your
external filter again when cracking passwords so that you don't waste
time hashing guesses that have no chance of cracking a password hash
due to policy requirements.

I hope this helps.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.